diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured_test.py
index b06909b8..e1d9d30b 100644
--- a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured_test.py
+++ b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured_test.py
@@ -1,25 +1,55 @@ from unittest import mock -from boto3 import client +from boto3 import client, session from moto import mock_cloudtrail, mock_cloudwatch, mock_logs, mock_s3 from moto.core import DEFAULT_ACCOUNT_ID +from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info + AWS_REGION = "us-east-1" +AWS_ACCOUNT_NUMBER = "123456789012" -class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: +class Test_cloudwatch_changes_to_network_acls_alarm_configured: + def set_mocked_audit_info(self): + audit_info = AWS_Audit_Info( + session_config=None, + original_session=None, + audit_session=session.Session( + profile_name=None, + botocore_session=None, + ), + audited_account=AWS_ACCOUNT_NUMBER, + audited_user_id=None, + audited_partition="aws", + audited_identity_arn=None, + profile=None, + profile_region=None, + credentials=None, + assumed_role_info=None, + audited_regions=["us-east-1", "eu-west-1"], + organizations_metadata=None, + audit_resources=None, + ) + + return audit_info + @mock_logs @mock_cloudtrail @mock_cloudwatch def test_cloudwatch_no_log_groups(self): - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ 
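Review bot: `set_mocked_audit_info` is added as a method on this test class, and the same body is added again in the network_gateways, network_route_tables and vpcs test classes later in this diff, so the mocked `AWS_Audit_Info` exists in four copies that can drift apart; one shared test helper imported by each file would keep it in a single place. Inside it, `audited_regions=["us-east-1", "eu-west-1"]` repeats the literal instead of reusing `AWS_REGION`, and the new `AWS_ACCOUNT_NUMBER = "123456789012"` sits beside moto's `DEFAULT_ACCOUNT_ID`, which the `@@ -128,14 +162,18 @@` hunk still uses for the log-group ARN, so the audited account and the mocked resources would disagree if the two values ever differ. The helper also has no docstring; something like `"""Return an AWS_Audit_Info built on a default boto3 session, for use under moto mocks."""` would mark it as test-only. `test_cloudwatch_no_log_groups` continues outside the hunk.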
@@ -27,11 +57,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_network_acls_alarm_configured.cloudwatch_changes_to_network_acls_alarm_configured.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -67,14 +97,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: s3_client.create_bucket(Bucket="test") cloudtrail_client.create_trail(Name="test_trail", S3BucketName="test") - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -82,11 +116,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_network_acls_alarm_configured.cloudwatch_changes_to_network_acls_alarm_configured.logs_client", new=Logs(current_audit_info), ), mock.patch( 
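Review bot: The added `mock.patch("prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", new=current_audit_info)` only rebinds the attribute on that module, so any module that already ran `from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info` (the form this commit removes from the test) keeps the object it bound at import time. The hunk does not show whether the check and its client modules are first imported inside the `with` block; if an earlier test imported one of them, it would presumably not see the mocked value. A short comment above the `with` would make that ordering dependency explicit, e.g. `# Patch the module-level audit info before importing the check, so nothing reads the real one`. The same patch is added in the `@@ -82`, `@@ -143`, `@@ -216`, `@@ -301` and `@@ -386` hunks of this file and in the matching hunks of the other three test files; the `with` statement continues outside the hunk.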
@@ -128,14 +162,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatchLogsLogGroupArn=f"arn:aws:logs:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:log-group:/log-group/test:*", ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -143,11 +181,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_network_acls_alarm_configured.cloudwatch_changes_to_network_acls_alarm_configured.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -201,14 +239,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ], ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ 
@@ -216,11 +258,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_network_acls_alarm_configured.cloudwatch_changes_to_network_acls_alarm_configured.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -286,14 +328,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ActionsEnabled=True, ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -301,11 +347,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_network_acls_alarm_configured.cloudwatch_changes_to_network_acls_alarm_configured.logs_client", new=Logs(current_audit_info), ), mock.patch( 
@@ -371,14 +417,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ActionsEnabled=True, ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -386,11 +436,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_network_acls_alarm_configured.cloudwatch_changes_to_network_acls_alarm_configured.logs_client", new=Logs(current_audit_info), ), mock.patch( diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured_test.py index e5e08820..032aca5c 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured_test.py 
@@ -1,25 +1,55 @@ from unittest import mock -from boto3 import client +from boto3 import client, session from moto import mock_cloudtrail, mock_cloudwatch, mock_logs, mock_s3 from moto.core import DEFAULT_ACCOUNT_ID +from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info + AWS_REGION = "us-east-1" +AWS_ACCOUNT_NUMBER = "123456789012" -class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: +class Test_cloudwatch_changes_to_network_gateways_alarm_configured: + def set_mocked_audit_info(self): + audit_info = AWS_Audit_Info( + session_config=None, + original_session=None, + audit_session=session.Session( + profile_name=None, + botocore_session=None, + ), + audited_account=AWS_ACCOUNT_NUMBER, + audited_user_id=None, + audited_partition="aws", + audited_identity_arn=None, + profile=None, + profile_region=None, + credentials=None, + assumed_role_info=None, + audited_regions=["us-east-1", "eu-west-1"], + organizations_metadata=None, + audit_resources=None, + ) + + return audit_info + @mock_logs @mock_cloudtrail @mock_cloudwatch def test_cloudwatch_no_log_groups(self): - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ 
@@ -27,11 +57,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_network_gateways_alarm_configured.cloudwatch_changes_to_network_gateways_alarm_configured.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -67,14 +97,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: s3_client.create_bucket(Bucket="test") cloudtrail_client.create_trail(Name="test_trail", S3BucketName="test") - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -82,11 +116,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_network_gateways_alarm_configured.cloudwatch_changes_to_network_gateways_alarm_configured.logs_client", new=Logs(current_audit_info), ), mock.patch( 
@@ -128,14 +162,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatchLogsLogGroupArn=f"arn:aws:logs:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:log-group:/log-group/test:*", ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -143,11 +181,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_network_gateways_alarm_configured.cloudwatch_changes_to_network_gateways_alarm_configured.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -201,14 +239,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ], ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ 
@@ -216,11 +258,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_network_gateways_alarm_configured.cloudwatch_changes_to_network_gateways_alarm_configured.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -286,14 +328,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ActionsEnabled=True, ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -301,11 +347,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_network_gateways_alarm_configured.cloudwatch_changes_to_network_gateways_alarm_configured.logs_client", new=Logs(current_audit_info), ), mock.patch( 
@@ -371,14 +417,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ActionsEnabled=True, ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -386,11 +436,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_network_gateways_alarm_configured.cloudwatch_changes_to_network_gateways_alarm_configured.logs_client", new=Logs(current_audit_info), ), mock.patch( diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured_test.py index a8082b4a..d68d401c 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured_test.py 
@@ -1,25 +1,55 @@ from unittest import mock -from boto3 import client +from boto3 import client, session from moto import mock_cloudtrail, mock_cloudwatch, mock_logs, mock_s3 from moto.core import DEFAULT_ACCOUNT_ID +from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info + AWS_REGION = "us-east-1" +AWS_ACCOUNT_NUMBER = "123456789012" -class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: +class Test_cloudwatch_changes_to_network_route_tables_alarm_configured: + def set_mocked_audit_info(self): + audit_info = AWS_Audit_Info( + session_config=None, + original_session=None, + audit_session=session.Session( + profile_name=None, + botocore_session=None, + ), + audited_account=AWS_ACCOUNT_NUMBER, + audited_user_id=None, + audited_partition="aws", + audited_identity_arn=None, + profile=None, + profile_region=None, + credentials=None, + assumed_role_info=None, + audited_regions=["us-east-1", "eu-west-1"], + organizations_metadata=None, + audit_resources=None, + ) + + return audit_info + @mock_logs @mock_cloudtrail @mock_cloudwatch def test_cloudwatch_no_log_groups(self): - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ 
@@ -27,11 +57,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_network_route_tables_alarm_configured.cloudwatch_changes_to_network_route_tables_alarm_configured.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -67,14 +97,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: s3_client.create_bucket(Bucket="test") cloudtrail_client.create_trail(Name="test_trail", S3BucketName="test") - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -82,11 +116,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_network_route_tables_alarm_configured.cloudwatch_changes_to_network_route_tables_alarm_configured.logs_client", new=Logs(current_audit_info), ), mock.patch( 
@@ -128,14 +162,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatchLogsLogGroupArn=f"arn:aws:logs:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:log-group:/log-group/test:*", ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -143,11 +181,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_network_route_tables_alarm_configured.cloudwatch_changes_to_network_route_tables_alarm_configured.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -201,14 +239,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ], ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ 
@@ -216,11 +258,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_network_route_tables_alarm_configured.cloudwatch_changes_to_network_route_tables_alarm_configured.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -286,14 +328,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ActionsEnabled=True, ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -301,11 +347,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_network_route_tables_alarm_configured.cloudwatch_changes_to_network_route_tables_alarm_configured.logs_client", new=Logs(current_audit_info), ), mock.patch( 
@@ -371,14 +417,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ActionsEnabled=True, ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -386,11 +436,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_network_route_tables_alarm_configured.cloudwatch_changes_to_network_route_tables_alarm_configured.logs_client", new=Logs(current_audit_info), ), mock.patch( diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured_test.py index 87caee8f..8f8b07a9 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured_test.py 
@@ -1,25 +1,55 @@ from unittest import mock -from boto3 import client +from boto3 import client, session from moto import mock_cloudtrail, mock_cloudwatch, mock_logs, mock_s3 from moto.core import DEFAULT_ACCOUNT_ID +from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info + AWS_REGION = "us-east-1" +AWS_ACCOUNT_NUMBER = "123456789012" -class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: +class Test_cloudwatch_changes_to_vpcs_alarm_configured: + def set_mocked_audit_info(self): + audit_info = AWS_Audit_Info( + session_config=None, + original_session=None, + audit_session=session.Session( + profile_name=None, + botocore_session=None, + ), + audited_account=AWS_ACCOUNT_NUMBER, + audited_user_id=None, + audited_partition="aws", + audited_identity_arn=None, + profile=None, + profile_region=None, + credentials=None, + assumed_role_info=None, + audited_regions=["us-east-1", "eu-west-1"], + organizations_metadata=None, + audit_resources=None, + ) + + return audit_info + @mock_logs @mock_cloudtrail @mock_cloudwatch def test_cloudwatch_no_log_groups(self): - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ 
@@ -27,11 +57,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_vpcs_alarm_configured.cloudwatch_changes_to_vpcs_alarm_configured.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -67,14 +97,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: s3_client.create_bucket(Bucket="test") cloudtrail_client.create_trail(Name="test_trail", S3BucketName="test") - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -82,11 +116,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_vpcs_alarm_configured.cloudwatch_changes_to_vpcs_alarm_configured.logs_client", new=Logs(current_audit_info), ), mock.patch( 
@@ -128,14 +162,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatchLogsLogGroupArn=f"arn:aws:logs:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:log-group:/log-group/test:*", ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -143,11 +181,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_vpcs_alarm_configured.cloudwatch_changes_to_vpcs_alarm_configured.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -201,14 +239,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ], ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ 
@@ -216,11 +258,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_vpcs_alarm_configured.cloudwatch_changes_to_vpcs_alarm_configured.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -286,14 +328,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ActionsEnabled=True, ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -301,11 +347,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_vpcs_alarm_configured.cloudwatch_changes_to_vpcs_alarm_configured.logs_client", new=Logs(current_audit_info), ), mock.patch( 
@@ -371,14 +417,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ActionsEnabled=True, ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -386,11 +436,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_vpcs_alarm_configured.cloudwatch_changes_to_vpcs_alarm_configured.logs_client", new=Logs(current_audit_info), ), mock.patch( diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled_test.py index 81e1b8c7..cc60c678 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled_test.py 
@@ -1,19 +1,46 @@ from unittest import mock -from boto3 import client +from boto3 import client, session from moto import mock_iam +from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info + AWS_REGION = "us-east-1" +AWS_ACCOUNT_NUMBER = "123456789012" class Test_cloudwatch_cross_account_sharing_disabled: + def set_mocked_audit_info(self): + audit_info = AWS_Audit_Info( + session_config=None, + original_session=None, + audit_session=session.Session( + profile_name=None, + botocore_session=None, + ), + audited_account=AWS_ACCOUNT_NUMBER, + audited_user_id=None, + audited_partition="aws", + audited_identity_arn=None, + profile=None, + profile_region=None, + credentials=None, + assumed_role_info=None, + audited_regions=["us-east-1", "eu-west-1"], + organizations_metadata=None, + audit_resources=None, + ) + + return audit_info + @mock_iam def test_cloudwatch_without_cross_account_role(self): - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info from prowler.providers.aws.services.iam.iam_service import IAM + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -23,6 +50,9 @@ class Test_cloudwatch_cross_account_sharing_disabled: ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_cross_account_sharing_disabled.cloudwatch_cross_account_sharing_disabled.iam_client", new=IAM(current_audit_info), ): 
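Review bot: `set_mocked_audit_info` is added in the hunk at -1,19 without a docstring, and it hard-codes `audited_regions=["us-east-1", "eu-west-1"]` although the module already defines `AWS_REGION`. Writing `audited_regions=[AWS_REGION, "eu-west-1"]` keeps the audited regions and the region used for the moto clients from drifting apart. A one-line docstring such as `"""Build an AWS_Audit_Info backed by a default boto3 session for use under moto mocks."""` would explain why every identity field is None. The identical helper is pasted into the first hunk of each other test file in this commit, so a single shared helper imported by the tests would avoid fixing every copy separately.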
@@ -50,11 +80,12 @@ class Test_cloudwatch_cross_account_sharing_disabled: iam_client.create_role( RoleName="CloudWatch-CrossAccountSharingRole", AssumeRolePolicyDocument="{}" ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info from prowler.providers.aws.services.iam.iam_service import IAM + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -64,6 +95,9 @@ class Test_cloudwatch_cross_account_sharing_disabled: ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_cross_account_sharing_disabled.cloudwatch_cross_account_sharing_disabled.iam_client", new=IAM(current_audit_info), ): diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_kms_encryption_enabled/cloudwatch_log_group_kms_encryption_enabled_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_kms_encryption_enabled/cloudwatch_log_group_kms_encryption_enabled_test.py index 4e0cbb45..ed4d3448 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_kms_encryption_enabled/cloudwatch_log_group_kms_encryption_enabled_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_kms_encryption_enabled/cloudwatch_log_group_kms_encryption_enabled_test.py 
@@ -1,18 +1,45 @@ from unittest import mock -from boto3 import client +from boto3 import client, session from moto import mock_logs +from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info + AWS_REGION = "us-east-1" +AWS_ACCOUNT_NUMBER = "123456789012" class Test_cloudwatch_log_group_kms_encryption_enabled: + def set_mocked_audit_info(self): + audit_info = AWS_Audit_Info( + session_config=None, + original_session=None, + audit_session=session.Session( + profile_name=None, + botocore_session=None, + ), + audited_account=AWS_ACCOUNT_NUMBER, + audited_user_id=None, + audited_partition="aws", + audited_identity_arn=None, + profile=None, + profile_region=None, + credentials=None, + assumed_role_info=None, + audited_regions=["us-east-1", "eu-west-1"], + organizations_metadata=None, + audit_resources=None, + ) + + return audit_info + def test_cloudwatch_no_log_groups(self): - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info from prowler.providers.aws.services.cloudwatch.cloudwatch_service import Logs + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -22,6 +49,9 @@ class Test_cloudwatch_log_group_kms_encryption_enabled: ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_kms_encryption_enabled.cloudwatch_log_group_kms_encryption_enabled.logs_client", new=Logs(current_audit_info), ): 
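Review bot: `test_cloudwatch_no_log_groups` shows no moto decorator in the hunk at -1,18, yet it now builds its audit info from a real `session.Session(...)` with two audited regions, and the following hunk passes it to `Logs(current_audit_info)`. A default boto3 session resolves whatever credentials are present in the environment, so unless isolation is provided elsewhere (not visible here) this test can issue live CloudWatch Logs calls under a developer or CI identity, and its result then depends on that account's state. Adding `@mock_logs` above the method keeps it hermetic, and `mock_logs` is already imported in this file. The first hunks of `cloudwatch_log_group_no_secrets_in_logs_test.py` and `cloudwatch_log_group_retention_policy_specific_days_enabled_test.py` show the same undecorated method.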
@@ -43,11 +73,13 @@ class Test_cloudwatch_log_group_kms_encryption_enabled: logs_client.create_log_group( logGroupName="test", ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudwatch.cloudwatch_service import Logs + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -57,6 +89,9 @@ class Test_cloudwatch_log_group_kms_encryption_enabled: ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_kms_encryption_enabled.cloudwatch_log_group_kms_encryption_enabled.logs_client", new=Logs(current_audit_info), ): @@ -82,11 +117,13 @@ class Test_cloudwatch_log_group_kms_encryption_enabled: logs_client = client("logs", region_name=AWS_REGION) # Request Logs group logs_client.create_log_group(logGroupName="test", kmsKeyId="test_kms_id") - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudwatch.cloudwatch_service import Logs + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ 
@@ -96,6 +133,9 @@ class Test_cloudwatch_log_group_kms_encryption_enabled: ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_kms_encryption_enabled.cloudwatch_log_group_kms_encryption_enabled.logs_client", new=Logs(current_audit_info), ): diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_no_secrets_in_logs/cloudwatch_log_group_no_secrets_in_logs_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_no_secrets_in_logs/cloudwatch_log_group_no_secrets_in_logs_test.py index b870eb59..8b3a57d6 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_no_secrets_in_logs/cloudwatch_log_group_no_secrets_in_logs_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_no_secrets_in_logs/cloudwatch_log_group_no_secrets_in_logs_test.py 
@@ -1,20 +1,47 @@ from re import search from unittest import mock -from boto3 import client +from boto3 import client, session from moto import mock_logs from moto.core.utils import unix_time_millis +from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info + AWS_REGION = "us-east-1" +AWS_ACCOUNT_NUMBER = "123456789012" class Test_cloudwatch_log_group_no_secrets_in_logs: + def set_mocked_audit_info(self): + audit_info = AWS_Audit_Info( + session_config=None, + original_session=None, + audit_session=session.Session( + profile_name=None, + botocore_session=None, + ), + audited_account=AWS_ACCOUNT_NUMBER, + audited_user_id=None, + audited_partition="aws", + audited_identity_arn=None, + profile=None, + profile_region=None, + credentials=None, + assumed_role_info=None, + audited_regions=["us-east-1", "eu-west-1"], + organizations_metadata=None, + audit_resources=None, + ) + + return audit_info + def test_cloudwatch_no_log_groups(self): - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info from prowler.providers.aws.services.cloudwatch.cloudwatch_service import Logs + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -24,6 +51,9 @@ class Test_cloudwatch_log_group_no_secrets_in_logs: ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_no_secrets_in_logs.cloudwatch_log_group_no_secrets_in_logs.logs_client", new=Logs(current_audit_info), ): 
@@ -49,11 +79,12 @@ class Test_cloudwatch_log_group_no_secrets_in_logs: logStreamName="test stream", logEvents=[{"timestamp": 0, "message": "line"}], ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info from prowler.providers.aws.services.cloudwatch.cloudwatch_service import Logs + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -63,6 +94,9 @@ class Test_cloudwatch_log_group_no_secrets_in_logs: ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_no_secrets_in_logs.cloudwatch_log_group_no_secrets_in_logs.logs_client", new=Logs(current_audit_info), ): @@ -96,11 +130,12 @@ class Test_cloudwatch_log_group_no_secrets_in_logs: } ], ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info from prowler.providers.aws.services.cloudwatch.cloudwatch_service import Logs + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -110,6 +145,9 @@ class Test_cloudwatch_log_group_no_secrets_in_logs: ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_no_secrets_in_logs.cloudwatch_log_group_no_secrets_in_logs.logs_client", new=Logs(current_audit_info), ): 
diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_retention_policy_specific_days_enabled/cloudwatch_log_group_retention_policy_specific_days_enabled_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_retention_policy_specific_days_enabled/cloudwatch_log_group_retention_policy_specific_days_enabled_test.py index 036b2d3f..c9d83461 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_retention_policy_specific_days_enabled/cloudwatch_log_group_retention_policy_specific_days_enabled_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_retention_policy_specific_days_enabled/cloudwatch_log_group_retention_policy_specific_days_enabled_test.py 
@@ -1,18 +1,45 @@ from unittest import mock -from boto3 import client +from boto3 import client, session from moto import mock_logs +from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info + AWS_REGION = "us-east-1" +AWS_ACCOUNT_NUMBER = "123456789012" class Test_cloudwatch_log_group_retention_policy_specific_days_enabled: + def set_mocked_audit_info(self): + audit_info = AWS_Audit_Info( + session_config=None, + original_session=None, + audit_session=session.Session( + profile_name=None, + botocore_session=None, + ), + audited_account=AWS_ACCOUNT_NUMBER, + audited_user_id=None, + audited_partition="aws", + audited_identity_arn=None, + profile=None, + profile_region=None, + credentials=None, + assumed_role_info=None, + audited_regions=["us-east-1", "eu-west-1"], + organizations_metadata=None, + audit_resources=None, + ) + + return audit_info + def test_cloudwatch_no_log_groups(self): - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info from prowler.providers.aws.services.cloudwatch.cloudwatch_service import Logs + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -22,6 +49,9 @@ class Test_cloudwatch_log_group_retention_policy_specific_days_enabled: ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_retention_policy_specific_days_enabled.cloudwatch_log_group_retention_policy_specific_days_enabled.logs_client", new=Logs(current_audit_info), ): 
@@ -43,11 +73,12 @@ class Test_cloudwatch_log_group_retention_policy_specific_days_enabled: logs_client.create_log_group( logGroupName="test", ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info from prowler.providers.aws.services.cloudwatch.cloudwatch_service import Logs + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -57,6 +88,9 @@ class Test_cloudwatch_log_group_retention_policy_specific_days_enabled: ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_retention_policy_specific_days_enabled.cloudwatch_log_group_retention_policy_specific_days_enabled.logs_client", new=Logs(current_audit_info), ): @@ -85,11 +119,12 @@ class Test_cloudwatch_log_group_retention_policy_specific_days_enabled: logGroupName="test", ) logs_client.put_retention_policy(logGroupName="test", retentionInDays=400) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info from prowler.providers.aws.services.cloudwatch.cloudwatch_service import Logs + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ 
@@ -99,6 +134,9 @@ class Test_cloudwatch_log_group_retention_policy_specific_days_enabled: ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_retention_policy_specific_days_enabled.cloudwatch_log_group_retention_policy_specific_days_enabled.logs_client", new=Logs(current_audit_info), ): @@ -127,11 +165,12 @@ class Test_cloudwatch_log_group_retention_policy_specific_days_enabled: logGroupName="test", ) logs_client.put_retention_policy(logGroupName="test", retentionInDays=7) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info from prowler.providers.aws.services.cloudwatch.cloudwatch_service import Logs + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -141,6 +180,9 @@ class Test_cloudwatch_log_group_retention_policy_specific_days_enabled: ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_retention_policy_specific_days_enabled.cloudwatch_log_group_retention_policy_specific_days_enabled.logs_client", new=Logs(current_audit_info), ): diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled_test.py index 88a9e2b8..c1dc22d1 100644 
--- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled_test.py 
@@ -1,25 +1,55 @@ from unittest import mock -from boto3 import client +from boto3 import client, session from moto import mock_cloudtrail, mock_cloudwatch, mock_logs, mock_s3 from moto.core import DEFAULT_ACCOUNT_ID +from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info + AWS_REGION = "us-east-1" +AWS_ACCOUNT_NUMBER = "123456789012" -class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: +class Test_cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled: + def set_mocked_audit_info(self): + audit_info = AWS_Audit_Info( + session_config=None, + original_session=None, + audit_session=session.Session( + profile_name=None, + botocore_session=None, + ), + audited_account=AWS_ACCOUNT_NUMBER, + audited_user_id=None, + audited_partition="aws", + audited_identity_arn=None, + profile=None, + profile_region=None, + credentials=None, + assumed_role_info=None, + audited_regions=["us-east-1", "eu-west-1"], + organizations_metadata=None, + audit_resources=None, + ) + + return audit_info + @mock_logs @mock_cloudtrail @mock_cloudwatch def test_cloudwatch_no_log_groups(self): - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ 
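Review bot: The hunk at -1,25 adds `AWS_ACCOUNT_NUMBER = "123456789012"` next to the existing `from moto.core import DEFAULT_ACCOUNT_ID`, giving the file two independent sources for the account id. The audit info is built from the new constant while the log-group ARN later in the file is built from `DEFAULT_ACCOUNT_ID`, so the two agree only while moto's default stays at that literal. Defining `AWS_ACCOUNT_NUMBER = DEFAULT_ACCOUNT_ID` ties them together. The first hunk of the cloudtrail_configuration_changes test file adds the same pair.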
@@ -27,11 +57,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled.cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -69,14 +99,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: s3_client.create_bucket(Bucket="test") cloudtrail_client.create_trail(Name="test_trail", S3BucketName="test") - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -84,11 +118,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled.cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled.logs_client", new=Logs(current_audit_info), ), mock.patch( 
@@ -132,14 +166,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatchLogsLogGroupArn=f"arn:aws:logs:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:log-group:/log-group/test:*", ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -147,11 +185,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled.cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled.logs_client", new=Logs(current_audit_info), ), mock.patch( 
@@ -207,14 +245,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ], ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -222,11 +264,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled.cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -294,14 +336,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ActionsEnabled=True, ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ 
@@ -309,11 +355,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled.cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -381,14 +427,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ActionsEnabled=True, ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -396,11 +446,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled.cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled.logs_client", new=Logs(current_audit_info), ), mock.patch( 
diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled_test.py index ff6b69eb..fa5ad89b 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled_test.py 
@@ -1,25 +1,55 @@ from unittest import mock -from boto3 import client +from boto3 import client, session from moto import mock_cloudtrail, mock_cloudwatch, mock_logs, mock_s3 from moto.core import DEFAULT_ACCOUNT_ID +from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info + AWS_REGION = "us-east-1" +AWS_ACCOUNT_NUMBER = "123456789012" -class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: +class Test_cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled: + def set_mocked_audit_info(self): + audit_info = AWS_Audit_Info( + session_config=None, + original_session=None, + audit_session=session.Session( + profile_name=None, + botocore_session=None, + ), + audited_account=AWS_ACCOUNT_NUMBER, + audited_user_id=None, + audited_partition="aws", + audited_identity_arn=None, + profile=None, + profile_region=None, + credentials=None, + assumed_role_info=None, + audited_regions=["us-east-1", "eu-west-1"], + organizations_metadata=None, + audit_resources=None, + ) + + return audit_info + @mock_logs @mock_cloudtrail @mock_cloudwatch def test_cloudwatch_no_log_groups(self): - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ 
@@ -27,11 +57,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled.cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -69,14 +99,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: s3_client.create_bucket(Bucket="test") cloudtrail_client.create_trail(Name="test_trail", S3BucketName="test") - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -84,11 +118,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled.cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled.logs_client", new=Logs(current_audit_info), ), mock.patch( 
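Review bot: The added `mock.patch("prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", new=current_audit_info)` in the @@ -27 hunk rebinds the name only on the `audit_info` module, so any module that already ran `from ...audit_info import current_audit_info` before the `with` block keeps its reference to the original object. Whether the check and client modules are first imported inside the patch is not visible here (the `with` statement continues past the hunk), so the isolation from the process-wide audit info should be confirmed rather than assumed; if it does not hold, the check could run against the real global object instead of the mocked one. A comment above the patch such as `# Patched on the defining module; modules that imported the name earlier keep their own reference` would record the limitation. The same applies to the @@ -84, @@ -147, @@ -222, @@ -309 and @@ -396 hunks and their counterparts in the other files.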
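Review bot: In the @@ -69 hunk the assignment `current_audit_info = self.set_mocked_audit_info()` is placed between two function-scope imports, leaving `from prowler.providers.common.models import Audit_Metadata` stranded after it. Keeping the imports together and building the audit info afterwards reads more cleanly: move the `Audit_Metadata` import above the assignment. The same ordering appears in the first hunk and in the later test methods of this file and the other files in the diff; the test method's body starts and ends outside the hunk.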
@@ -132,14 +166,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatchLogsLogGroupArn=f"arn:aws:logs:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:log-group:/log-group/test:*", ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -147,11 +185,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled.cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled.logs_client", new=Logs(current_audit_info), ), mock.patch( 
@@ -207,14 +245,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ], ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -222,11 +264,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled.cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -294,14 +336,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ActionsEnabled=True, ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ 
@@ -309,11 +355,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled.cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -381,14 +427,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ActionsEnabled=True, ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -396,11 +446,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled.cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled.logs_client", new=Logs(current_audit_info), ), mock.patch( 
diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures_test.py
index 8398e469..8bf096c9 100644
--- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures_test.py
+++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures_test.py
@@ -1,25 +1,55 @@ from unittest import mock -from boto3 import client +from boto3 import client, session from moto import mock_cloudtrail, mock_cloudwatch, mock_logs, mock_s3 from moto.core import DEFAULT_ACCOUNT_ID +from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info + AWS_REGION = "us-east-1" +AWS_ACCOUNT_NUMBER = "123456789012" -class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: +class Test_cloudwatch_log_metric_filter_authentication_failures: + def set_mocked_audit_info(self): + audit_info = AWS_Audit_Info( + session_config=None, + original_session=None, + audit_session=session.Session( + profile_name=None, + botocore_session=None, + ), + audited_account=AWS_ACCOUNT_NUMBER, + audited_user_id=None, + audited_partition="aws", + audited_identity_arn=None, + profile=None, + profile_region=None, + credentials=None, + assumed_role_info=None, + audited_regions=["us-east-1", "eu-west-1"], + organizations_metadata=None, + audit_resources=None, + ) + + return audit_info + @mock_logs @mock_cloudtrail @mock_cloudwatch def test_cloudwatch_no_log_groups(self): - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ 
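Review bot: `set_mocked_audit_info` has no docstring, and the one thing a reader needs to know is not obvious from the name: `session.Session(profile_name=None, botocore_session=None)` is an ordinary boto3 session that resolves credentials through the default chain, so the helper is only mock-safe when called from a test already wrapped in the moto decorators, as every visible caller is. Presumably moto supplies placeholder credentials in that context, but nothing in the helper enforces it. I would add a docstring along the lines of `"""Return an AWS_Audit_Info for tests; call only inside moto-mocked tests, because the session uses the default credential chain."""`. This applies equally to the copies of the helper in the other files of this diff.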
@@ -27,11 +57,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_authentication_failures.cloudwatch_log_metric_filter_authentication_failures.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -67,14 +97,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: s3_client.create_bucket(Bucket="test") cloudtrail_client.create_trail(Name="test_trail", S3BucketName="test") - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -82,11 +116,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_authentication_failures.cloudwatch_log_metric_filter_authentication_failures.logs_client", new=Logs(current_audit_info), ), mock.patch( 
@@ -128,14 +162,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatchLogsLogGroupArn=f"arn:aws:logs:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:log-group:/log-group/test:*", ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -143,11 +181,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_authentication_failures.cloudwatch_log_metric_filter_authentication_failures.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -201,14 +239,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ], ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ 
@@ -216,11 +258,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_authentication_failures.cloudwatch_log_metric_filter_authentication_failures.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -286,14 +328,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ActionsEnabled=True, ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -301,11 +347,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_authentication_failures.cloudwatch_log_metric_filter_authentication_failures.logs_client", new=Logs(current_audit_info), ), mock.patch( 
@@ -371,14 +417,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ActionsEnabled=True, ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -386,11 +436,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_authentication_failures.cloudwatch_log_metric_filter_authentication_failures.logs_client", new=Logs(current_audit_info), ), mock.patch( diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes_test.py index 4ede6b54..c3631e7f 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes_test.py 
@@ -1,25 +1,55 @@ from unittest import mock -from boto3 import client +from boto3 import client, session from moto import mock_cloudtrail, mock_cloudwatch, mock_logs, mock_s3 from moto.core import DEFAULT_ACCOUNT_ID +from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info + AWS_REGION = "us-east-1" +AWS_ACCOUNT_NUMBER = "123456789012" class Test_cloudwatch_log_metric_filter_aws_organizations_changes: + def set_mocked_audit_info(self): + audit_info = AWS_Audit_Info( + session_config=None, + original_session=None, + audit_session=session.Session( + profile_name=None, + botocore_session=None, + ), + audited_account=AWS_ACCOUNT_NUMBER, + audited_user_id=None, + audited_partition="aws", + audited_identity_arn=None, + profile=None, + profile_region=None, + credentials=None, + assumed_role_info=None, + audited_regions=["us-east-1", "eu-west-1"], + organizations_metadata=None, + audit_resources=None, + ) + + return audit_info + @mock_logs @mock_cloudtrail @mock_cloudwatch def test_cloudwatch_no_log_groups(self): - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ 
@@ -27,11 +57,11 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_aws_organizations_changes.cloudwatch_log_metric_filter_aws_organizations_changes.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -67,14 +97,18 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes: s3_client.create_bucket(Bucket="test") cloudtrail_client.create_trail(Name="test_trail", S3BucketName="test") - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -82,11 +116,11 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_aws_organizations_changes.cloudwatch_log_metric_filter_aws_organizations_changes.logs_client", new=Logs(current_audit_info), ), mock.patch( 
@@ -128,14 +162,18 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes: CloudWatchLogsLogGroupArn=f"arn:aws:logs:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:log-group:/log-group/test:*", ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -143,11 +181,11 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_aws_organizations_changes.cloudwatch_log_metric_filter_aws_organizations_changes.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -201,14 +239,18 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes: ], ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ 
@@ -216,11 +258,11 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_aws_organizations_changes.cloudwatch_log_metric_filter_aws_organizations_changes.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -286,14 +328,18 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes: ActionsEnabled=True, ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -301,11 +347,11 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_aws_organizations_changes.cloudwatch_log_metric_filter_aws_organizations_changes.logs_client", new=Logs(current_audit_info), ), mock.patch( 
@@ -371,14 +417,18 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes: ActionsEnabled=True, ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -386,11 +436,11 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_aws_organizations_changes.cloudwatch_log_metric_filter_aws_organizations_changes.logs_client", new=Logs(current_audit_info), ), mock.patch( diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk_test.py index 111e02c3..c562a536 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk_test.py 
+++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk_test.py @@ -1,25 +1,55 @@ from unittest import mock -from boto3 import client +from boto3 import client, session from moto import mock_cloudtrail, mock_cloudwatch, mock_logs, mock_s3 from moto.core import DEFAULT_ACCOUNT_ID +from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info + AWS_REGION = "us-east-1" +AWS_ACCOUNT_NUMBER = "123456789012" -class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: +class Test_cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk: + def set_mocked_audit_info(self): + audit_info = AWS_Audit_Info( + session_config=None, + original_session=None, + audit_session=session.Session( + profile_name=None, + botocore_session=None, + ), + audited_account=AWS_ACCOUNT_NUMBER, + audited_user_id=None, + audited_partition="aws", + audited_identity_arn=None, + profile=None, + profile_region=None, + credentials=None, + assumed_role_info=None, + audited_regions=["us-east-1", "eu-west-1"], + organizations_metadata=None, + audit_resources=None, + ) + + return audit_info + @mock_logs @mock_cloudtrail @mock_cloudwatch def test_cloudwatch_no_log_groups(self): - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ 
@@ -27,11 +57,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk.cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -69,14 +99,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: s3_client.create_bucket(Bucket="test") cloudtrail_client.create_trail(Name="test_trail", S3BucketName="test") - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -84,11 +118,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk.cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk.logs_client", new=Logs(current_audit_info), ), mock.patch( 
@@ -132,14 +166,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatchLogsLogGroupArn=f"arn:aws:logs:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:log-group:/log-group/test:*", ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -147,11 +185,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk.cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk.logs_client", new=Logs(current_audit_info), ), mock.patch( 
@@ -207,14 +245,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ], ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -222,11 +264,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk.cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -294,14 +336,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ActionsEnabled=True, ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ 
@@ -309,11 +355,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk.cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -381,14 +427,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ActionsEnabled=True, ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -396,11 +446,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk.cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk.logs_client", new=Logs(current_audit_info), ), mock.patch( 
diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes_test.py
index 26017282..a1349169 100644
--- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes_test.py
+++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes_test.py
@@ -1,25 +1,55 @@ from unittest import mock -from boto3 import client +from boto3 import client, session from moto import mock_cloudtrail, mock_cloudwatch, mock_logs, mock_s3 from moto.core import DEFAULT_ACCOUNT_ID +from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info + AWS_REGION = "us-east-1" +AWS_ACCOUNT_NUMBER = "123456789012" -class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: +class Test_cloudwatch_log_metric_filter_for_s3_bucket_policy_changes: + def set_mocked_audit_info(self): + audit_info = AWS_Audit_Info( + session_config=None, + original_session=None, + audit_session=session.Session( + profile_name=None, + botocore_session=None, + ), + audited_account=AWS_ACCOUNT_NUMBER, + audited_user_id=None, + audited_partition="aws", + audited_identity_arn=None, + profile=None, + profile_region=None, + credentials=None, + assumed_role_info=None, + audited_regions=["us-east-1", "eu-west-1"], + organizations_metadata=None, + audit_resources=None, + ) + + return audit_info + @mock_logs @mock_cloudtrail @mock_cloudwatch def test_cloudwatch_no_log_groups(self): - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ 
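Review bot: `set_mocked_audit_info` is added as a method but never reads `self`, and the identical body is added to the test class in the first hunk of the policy_changes, root_usage and security_group_changes test files in this diff. A single module-level helper in a shared test utility, imported by each test file, would keep the mocked `AWS_Audit_Info` fields in one place, so a field added to the model is updated once. If it stays per class, a one-line docstring such as `"""Return an AWS_Audit_Info with no profile or credentials, for tests running under moto."""` would say why every credential-related field is `None`.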
@@ -27,11 +57,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_for_s3_bucket_policy_changes.cloudwatch_log_metric_filter_for_s3_bucket_policy_changes.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -67,14 +97,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: s3_client.create_bucket(Bucket="test") cloudtrail_client.create_trail(Name="test_trail", S3BucketName="test") - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -82,11 +116,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_for_s3_bucket_policy_changes.cloudwatch_log_metric_filter_for_s3_bucket_policy_changes.logs_client", new=Logs(current_audit_info), ), mock.patch( 
@@ -128,14 +162,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatchLogsLogGroupArn=f"arn:aws:logs:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:log-group:/log-group/test:*", ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -143,11 +181,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_for_s3_bucket_policy_changes.cloudwatch_log_metric_filter_for_s3_bucket_policy_changes.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -201,14 +239,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ], ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ 
@@ -216,11 +258,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_for_s3_bucket_policy_changes.cloudwatch_log_metric_filter_for_s3_bucket_policy_changes.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -286,14 +328,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ActionsEnabled=True, ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -301,11 +347,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_for_s3_bucket_policy_changes.cloudwatch_log_metric_filter_for_s3_bucket_policy_changes.logs_client", new=Logs(current_audit_info), ), mock.patch( 
@@ -371,14 +417,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ActionsEnabled=True, ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -386,11 +436,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_for_s3_bucket_policy_changes.cloudwatch_log_metric_filter_for_s3_bucket_policy_changes.logs_client", new=Logs(current_audit_info), ), mock.patch( diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_policy_changes/cloudwatch_log_metric_filter_policy_changes_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_policy_changes/cloudwatch_log_metric_filter_policy_changes_test.py index 8ac23254..5525e683 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_policy_changes/cloudwatch_log_metric_filter_policy_changes_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_policy_changes/cloudwatch_log_metric_filter_policy_changes_test.py 
@@ -1,25 +1,55 @@ from unittest import mock -from boto3 import client +from boto3 import client, session from moto import mock_cloudtrail, mock_cloudwatch, mock_logs, mock_s3 from moto.core import DEFAULT_ACCOUNT_ID +from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info + AWS_REGION = "us-east-1" +AWS_ACCOUNT_NUMBER = "123456789012" class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: + def set_mocked_audit_info(self): + audit_info = AWS_Audit_Info( + session_config=None, + original_session=None, + audit_session=session.Session( + profile_name=None, + botocore_session=None, + ), + audited_account=AWS_ACCOUNT_NUMBER, + audited_user_id=None, + audited_partition="aws", + audited_identity_arn=None, + profile=None, + profile_region=None, + credentials=None, + assumed_role_info=None, + audited_regions=["us-east-1", "eu-west-1"], + organizations_metadata=None, + audit_resources=None, + ) + + return audit_info + @mock_logs @mock_cloudtrail @mock_cloudwatch def test_cloudwatch_no_log_groups(self): - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ 
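Review bot: The class in this file is still named `Test_cloudwatch_log_metric_filter_unauthorized_api_calls`; the line is unchanged context here, whereas the s3_bucket_policy_changes and root_usage files in this diff rename the copy-pasted class to match the check under test. The first hunk of `cloudwatch_log_metric_filter_security_group_changes_test.py` leaves the old name in place as well. Renaming them to `class Test_cloudwatch_log_metric_filter_policy_changes:` and `class Test_cloudwatch_log_metric_filter_security_group_changes:` keeps test reports attributable to the right check.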
@@ -27,11 +57,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_policy_changes.cloudwatch_log_metric_filter_policy_changes.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -67,14 +97,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: s3_client.create_bucket(Bucket="test") cloudtrail_client.create_trail(Name="test_trail", S3BucketName="test") - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -82,11 +116,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_policy_changes.cloudwatch_log_metric_filter_policy_changes.logs_client", new=Logs(current_audit_info), ), mock.patch( 
@@ -128,14 +162,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatchLogsLogGroupArn=f"arn:aws:logs:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:log-group:/log-group/test:*", ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -143,11 +181,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_policy_changes.cloudwatch_log_metric_filter_policy_changes.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -201,14 +239,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ], ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ 
@@ -216,11 +258,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_policy_changes.cloudwatch_log_metric_filter_policy_changes.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -286,14 +328,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ActionsEnabled=True, ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -301,11 +347,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_policy_changes.cloudwatch_log_metric_filter_policy_changes.logs_client", new=Logs(current_audit_info), ), mock.patch( 
@@ -371,14 +417,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ActionsEnabled=True, ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -386,11 +436,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_policy_changes.cloudwatch_log_metric_filter_policy_changes.logs_client", new=Logs(current_audit_info), ), mock.patch( diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_root_usage/cloudwatch_log_metric_filter_root_usage_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_root_usage/cloudwatch_log_metric_filter_root_usage_test.py index a41d1541..e74ead5f 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_root_usage/cloudwatch_log_metric_filter_root_usage_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_root_usage/cloudwatch_log_metric_filter_root_usage_test.py 
@@ -1,25 +1,55 @@ from unittest import mock -from boto3 import client +from boto3 import client, session from moto import mock_cloudtrail, mock_cloudwatch, mock_logs, mock_s3 from moto.core import DEFAULT_ACCOUNT_ID +from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info + AWS_REGION = "us-east-1" +AWS_ACCOUNT_NUMBER = "123456789012" -class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: +class Test_cloudwatch_log_metric_filter_root_usage: + def set_mocked_audit_info(self): + audit_info = AWS_Audit_Info( + session_config=None, + original_session=None, + audit_session=session.Session( + profile_name=None, + botocore_session=None, + ), + audited_account=AWS_ACCOUNT_NUMBER, + audited_user_id=None, + audited_partition="aws", + audited_identity_arn=None, + profile=None, + profile_region=None, + credentials=None, + assumed_role_info=None, + audited_regions=["us-east-1", "eu-west-1"], + organizations_metadata=None, + audit_resources=None, + ) + + return audit_info + @mock_logs @mock_cloudtrail @mock_cloudwatch def test_cloudwatch_no_log_groups(self): - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ 
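Review bot: `AWS_ACCOUNT_NUMBER = "123456789012"` introduces a second account-id constant beside the imported `DEFAULT_ACCOUNT_ID`, which a later hunk in this file uses to build the log-group ARN. The mocked audit info and the mocked resources then agree on the account only while the literal matches moto's default. Deriving one from the other, `AWS_ACCOUNT_NUMBER = DEFAULT_ACCOUNT_ID`, removes that coupling. The same literal is added in the first hunk of the other test files in this diff.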
@@ -27,11 +57,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_root_usage.cloudwatch_log_metric_filter_root_usage.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -67,14 +97,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: s3_client.create_bucket(Bucket="test") cloudtrail_client.create_trail(Name="test_trail", S3BucketName="test") - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -82,11 +116,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_root_usage.cloudwatch_log_metric_filter_root_usage.logs_client", new=Logs(current_audit_info), ), mock.patch( 
@@ -128,14 +162,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatchLogsLogGroupArn=f"arn:aws:logs:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:log-group:/log-group/test:*", ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -143,11 +181,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_root_usage.cloudwatch_log_metric_filter_root_usage.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -201,14 +239,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ], ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ 
@@ -216,11 +258,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_root_usage.cloudwatch_log_metric_filter_root_usage.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -286,14 +328,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ActionsEnabled=True, ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -301,11 +347,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_root_usage.cloudwatch_log_metric_filter_root_usage.logs_client", new=Logs(current_audit_info), ), mock.patch( 
@@ -371,14 +417,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ActionsEnabled=True, ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -386,11 +436,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_root_usage.cloudwatch_log_metric_filter_root_usage.logs_client", new=Logs(current_audit_info), ), mock.patch( diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_security_group_changes/cloudwatch_log_metric_filter_security_group_changes_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_security_group_changes/cloudwatch_log_metric_filter_security_group_changes_test.py index 21715999..ba2f77c4 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_security_group_changes/cloudwatch_log_metric_filter_security_group_changes_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_security_group_changes/cloudwatch_log_metric_filter_security_group_changes_test.py 
@@ -1,25 +1,55 @@ from unittest import mock -from boto3 import client +from boto3 import client, session from moto import mock_cloudtrail, mock_cloudwatch, mock_logs, mock_s3 from moto.core import DEFAULT_ACCOUNT_ID +from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info + AWS_REGION = "us-east-1" +AWS_ACCOUNT_NUMBER = "123456789012" class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: + def set_mocked_audit_info(self): + audit_info = AWS_Audit_Info( + session_config=None, + original_session=None, + audit_session=session.Session( + profile_name=None, + botocore_session=None, + ), + audited_account=AWS_ACCOUNT_NUMBER, + audited_user_id=None, + audited_partition="aws", + audited_identity_arn=None, + profile=None, + profile_region=None, + credentials=None, + assumed_role_info=None, + audited_regions=["us-east-1", "eu-west-1"], + organizations_metadata=None, + audit_resources=None, + ) + + return audit_info + @mock_logs @mock_cloudtrail @mock_cloudwatch def test_cloudwatch_no_log_groups(self): - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ 
@@ -27,11 +57,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_security_group_changes.cloudwatch_log_metric_filter_security_group_changes.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -67,14 +97,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: s3_client.create_bucket(Bucket="test") cloudtrail_client.create_trail(Name="test_trail", S3BucketName="test") - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -82,11 +116,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_security_group_changes.cloudwatch_log_metric_filter_security_group_changes.logs_client", new=Logs(current_audit_info), ), mock.patch( 
@@ -128,14 +162,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatchLogsLogGroupArn=f"arn:aws:logs:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:log-group:/log-group/test:*", ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -143,11 +181,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_security_group_changes.cloudwatch_log_metric_filter_security_group_changes.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -201,14 +239,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ], ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ 
@@ -216,11 +258,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_security_group_changes.cloudwatch_log_metric_filter_security_group_changes.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -286,14 +328,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ActionsEnabled=True, ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -301,11 +347,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_security_group_changes.cloudwatch_log_metric_filter_security_group_changes.logs_client", new=Logs(current_audit_info), ), mock.patch( 
@@ -371,14 +417,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ActionsEnabled=True, ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -386,11 +436,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_security_group_changes.cloudwatch_log_metric_filter_security_group_changes.logs_client", new=Logs(current_audit_info), ), mock.patch( diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_sign_in_without_mfa/cloudwatch_log_metric_filter_sign_in_without_mfa_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_sign_in_without_mfa/cloudwatch_log_metric_filter_sign_in_without_mfa_test.py index cb73ba0d..58725915 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_sign_in_without_mfa/cloudwatch_log_metric_filter_sign_in_without_mfa_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_sign_in_without_mfa/cloudwatch_log_metric_filter_sign_in_without_mfa_test.py 
@@ -1,25 +1,55 @@ from unittest import mock -from boto3 import client +from boto3 import client, session from moto import mock_cloudtrail, mock_cloudwatch, mock_logs, mock_s3 from moto.core import DEFAULT_ACCOUNT_ID +from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info + AWS_REGION = "us-east-1" +AWS_ACCOUNT_NUMBER = "123456789012" -class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: +class Test_cloudwatch_log_metric_filter_sign_in_without_mfa: + def set_mocked_audit_info(self): + audit_info = AWS_Audit_Info( + session_config=None, + original_session=None, + audit_session=session.Session( + profile_name=None, + botocore_session=None, + ), + audited_account=AWS_ACCOUNT_NUMBER, + audited_user_id=None, + audited_partition="aws", + audited_identity_arn=None, + profile=None, + profile_region=None, + credentials=None, + assumed_role_info=None, + audited_regions=["us-east-1", "eu-west-1"], + organizations_metadata=None, + audit_resources=None, + ) + + return audit_info + @mock_logs @mock_cloudtrail @mock_cloudwatch def test_cloudwatch_no_log_groups(self): - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ 
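Review bot: The new `AWS_ACCOUNT_NUMBER = "123456789012"` appears to repeat the value this module already imports as `DEFAULT_ACCOUNT_ID` from `moto.core`, and `audited_regions=["us-east-1", "eu-west-1"]` repeats `AWS_REGION` as a literal. A later hunk in this file builds the log-group ARN from `DEFAULT_ACCOUNT_ID`, so the audited account and the mocked resources would silently diverge if either constant changed. Using one source keeps them tied: `audited_account=DEFAULT_ACCOUNT_ID,` and `audited_regions=[AWS_REGION, "eu-west-1"],`. The same helper is added in the first hunk of the other test files in this diff.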
@@ -27,11 +57,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_sign_in_without_mfa.cloudwatch_log_metric_filter_sign_in_without_mfa.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -67,14 +97,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: s3_client.create_bucket(Bucket="test") cloudtrail_client.create_trail(Name="test_trail", S3BucketName="test") - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -82,11 +116,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_sign_in_without_mfa.cloudwatch_log_metric_filter_sign_in_without_mfa.logs_client", new=Logs(current_audit_info), ), mock.patch( 
@@ -128,14 +162,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatchLogsLogGroupArn=f"arn:aws:logs:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:log-group:/log-group/test:*", ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -143,11 +181,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_sign_in_without_mfa.cloudwatch_log_metric_filter_sign_in_without_mfa.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -201,14 +239,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ], ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ 
@@ -216,11 +258,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_sign_in_without_mfa.cloudwatch_log_metric_filter_sign_in_without_mfa.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -286,14 +328,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ActionsEnabled=True, ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -301,11 +347,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_sign_in_without_mfa.cloudwatch_log_metric_filter_sign_in_without_mfa.logs_client", new=Logs(current_audit_info), ), mock.patch( 
@@ -371,14 +417,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ActionsEnabled=True, ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -386,11 +436,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_sign_in_without_mfa.cloudwatch_log_metric_filter_sign_in_without_mfa.logs_client", new=Logs(current_audit_info), ), mock.patch( diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_unauthorized_api_calls/cloudwatch_log_metric_filter_unauthorized_api_calls_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_unauthorized_api_calls/cloudwatch_log_metric_filter_unauthorized_api_calls_test.py index 232cdedb..5dc90dee 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_unauthorized_api_calls/cloudwatch_log_metric_filter_unauthorized_api_calls_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_unauthorized_api_calls/cloudwatch_log_metric_filter_unauthorized_api_calls_test.py 
@@ -1,25 +1,55 @@ from unittest import mock -from boto3 import client +from boto3 import client, session from moto import mock_cloudtrail, mock_cloudwatch, mock_logs, mock_s3 from moto.core import DEFAULT_ACCOUNT_ID +from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info + AWS_REGION = "us-east-1" +AWS_ACCOUNT_NUMBER = "123456789012" class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: + def set_mocked_audit_info(self): + audit_info = AWS_Audit_Info( + session_config=None, + original_session=None, + audit_session=session.Session( + profile_name=None, + botocore_session=None, + ), + audited_account=AWS_ACCOUNT_NUMBER, + audited_user_id=None, + audited_partition="aws", + audited_identity_arn=None, + profile=None, + profile_region=None, + credentials=None, + assumed_role_info=None, + audited_regions=["us-east-1", "eu-west-1"], + organizations_metadata=None, + audit_resources=None, + ) + + return audit_info + @mock_logs @mock_cloudtrail @mock_cloudwatch def test_cloudwatch_no_log_groups(self): - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ 
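Review bot: `set_mocked_audit_info` is added here without a docstring and is the same helper, line for line, as the one added to the other test classes in this diff, so a future field change to `AWS_Audit_Info` has to be repeated in every copy. A one-line docstring such as `"""Return an AWS_Audit_Info with a fresh boto3 session and no credentials, for use under moto."""` would state the intent, and the body could live in one shared test helper that each class calls. The method does not read `self`, so it could also be a plain module-level function.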
@@ -27,11 +57,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_unauthorized_api_calls.cloudwatch_log_metric_filter_unauthorized_api_calls.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -67,14 +97,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: s3_client.create_bucket(Bucket="test") cloudtrail_client.create_trail(Name="test_trail", S3BucketName="test") - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -82,11 +116,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_unauthorized_api_calls.cloudwatch_log_metric_filter_unauthorized_api_calls.logs_client", new=Logs(current_audit_info), ), mock.patch( 
@@ -128,14 +162,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatchLogsLogGroupArn=f"arn:aws:logs:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:log-group:/log-group/test:*", ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -143,11 +181,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_unauthorized_api_calls.cloudwatch_log_metric_filter_unauthorized_api_calls.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -201,14 +239,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ], ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ 
@@ -216,11 +258,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_unauthorized_api_calls.cloudwatch_log_metric_filter_unauthorized_api_calls.logs_client", new=Logs(current_audit_info), ), mock.patch( @@ -286,14 +328,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ActionsEnabled=True, ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -301,11 +347,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_unauthorized_api_calls.cloudwatch_log_metric_filter_unauthorized_api_calls.logs_client", new=Logs(current_audit_info), ), mock.patch( 
@@ -371,14 +417,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: ActionsEnabled=True, ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( + Cloudtrail, + ) from prowler.providers.aws.services.cloudwatch.cloudwatch_service import ( CloudWatch, Logs, ) + + current_audit_info = self.set_mocked_audit_info() + from prowler.providers.common.models import Audit_Metadata - current_audit_info.audited_partition = "aws" current_audit_info.audit_metadata = Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ @@ -386,11 +436,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: completed_checks=0, audit_progress=0, ) - from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( - Cloudtrail, - ) with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_unauthorized_api_calls.cloudwatch_log_metric_filter_unauthorized_api_calls.logs_client", new=Logs(current_audit_info), ), mock.patch(